Revert "Abort on unrecognised warning alerts"

This reverts commit 77a6be4dfc2ecf406c2559a99bea51317ce0f533. There were some unexpected side effects to this commit, e.g. in SSLv3 a warning alert gets sent "no_certificate" if a client does not send a Certificate during Client Auth. With the above commit this causes the connection to abort, which is incorrect. There may be some other edge cases like this so we need to have a rethink on this. Reviewed-by: Tim Hudson <tjh@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-09-15 20:43:16 +0100
committer: Matt Caswell <matt@openssl.org> 2016-09-15 22:51:06 +0100
commit: ea6e2d543653196cb6d095f72b35073404c8ae33 (patch)
tree: 1893e463be596b0dd8a5d010a125ec91341b75d4 /ssl
parent: 2abbe94828351178220b7e284504cfb5eb1dabbb (diff)
1 files changed, 2 insertions, 8 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index aa148ba490..46870c054b 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1351,15 +1351,9 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
                 goto f_err;
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
-            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) {
-                return 0;
-            }
+            else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                return (0);
 #endif
-            else {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-                goto f_err;
-            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];
author	Matt Caswell <matt@openssl.org>	2016-09-15 20:43:16 +0100
committer	Matt Caswell <matt@openssl.org>	2016-09-15 22:51:06 +0100
commit	ea6e2d543653196cb6d095f72b35073404c8ae33 (patch)
tree	1893e463be596b0dd8a5d010a125ec91341b75d4 /ssl
parent	2abbe94828351178220b7e284504cfb5eb1dabbb (diff)